QSAplha offers a secure ecosystem that promises to keep your data all yours

Protecting your precious personal data has never been more important. Our smartphones can contain not just our address book, but our banking information, credit card accounts and personal information moves in and out of our phones all the time, and it's important to secure it all as best we can.

A company named QSAlpha thinks they can help. They are developing the Quasar IV — and Android-based smartphone that will protect all of your data with what they are calling "unprecedented" encryption. Phone calls, SMS messages, application data, email and everything else moving in and out of your device with public and private keys for each user from 16x16x4 (16 to the power of 16 to the power of 4) three-dimensional matrices. This verifies and protects the user's identity, and makes sure the data going in and out is what it's supposed to be, and going where it's supposed to go.

This is done through a high-security ecosystem known as QuaWorks. QuaWorks consists of three parts — the Qua Store, a secure marketplace for applications; Qua Cloud storage which offers encrypted file storage; and Quatrix, which is the proprietary system used for all the encryption.

All this will be free of charge for users with the Quasar IV, and they expect to launch in June 2014 (April 2014 for backers). We'll definitely have a good look at the platform when and if it launches, but a lot of that will depend on the success of the Indiegogo campaign. You can follow the source links to learn more, and the full press release is after the break.

QuaStore, the world’s most advanced trusted-authentication based application platform, featuring apps that are digitally signed by the original developers to ensure they are free from the widespread malware and viruses that disrupt mobile phone use.

Quatrix™, the proprietary encryption technology of the QuaWorks ecosystem. Quatrix™ generates a pair of public and private keys for each user from 16^16^4 three-dimensional matrices, certifying the user’s unique identity and protecting the transmission of information. With 1077 public and private key pairs available, Quatrix can provide digital identities for the entire global cyberspace population.

“Anytime people exchange data through their smartphones, they take a risk. Unsecured mobile data and applications are the biggest dangers facing the digital world today,” said Steve Chao, founder and CEO of QSα. “Quasar IV and the Quatrix™ technology are capable of solving this massive problem, protecting users from identity thieves, intruders, even uninvited surveillance. We’re confident that the Quasar IV cipherphone addresses the needs of the mass market for ultra-strong security, which is why we’ve initiated this crowdfunding campaign.”

Authenticate Your Digital World

Through the apps in the QuaWorks ecosystem, Quasar IV users are able to make VoIP calls, as well as send/receive emails and text messages, using the revolutionary Quatrix™ trusted-authentication technology. Conventional smartphones authenticate data via public key infrastructure, which are stored online. No matter how many times a user changes passwords, thieves and other unauthorized entities can impersonate a user’s identity if they gain control over the third party authentication server.

Quasar IV, by contrast, uses a seed public matrix stored on the user’s phone to compute and authenticate both ends of any communication event. The seed public matrix functions as a mediator, verifying the two identities and ensuring privacy for texts, emails, file transmissions and voice calls.

“If at all possible, cracking just one private and public key combination would be extremely difficult,” noted Chao. “This is how Quasar IV, Quatrix™ and QuaWorks differ from any mobile security solution in the market.”

Availability

Access to QSAlpha’s QuaWorks ecosystem of base security solutions will be free of charge to Quasar IV cipherphone users. The Quasar IV cipherphone and QuaWorks ecosystem are expected to debut in April, 2014.

For further details on Quasar IV and QSα’s full range of advanced digital security solutions for mobile device users, visit www.qsalpha.com. For further details on the Indiegogo campaign, visit Indigogo.

Reader comments

So I read through this campaign and it's pretty fascinating from a technology standpoint, but I don't have any interest in buying a new phone this early in its development phase without more details on the OS (will it support the Play Store?), and too often the prototype hardware changes dramatically as final hardware. Bottom line is no hurry for me on this, I'm content to wait and see if they get funded, then read the reviews in June ... of 2015 :)

It is a matter of time until someone find a way to decrypt data. With the unlimited supply of resources within each government around the world, I am not buying into these expensive "super secure" hype.

If it is done right (not saying this one is right or wrong at this stage) creating a very secure encryption stack is not a huge deal.

You simply need to create an environment without any 'back doors' (intended or not) such that the amount of computing power needed to decrypt the data absent the keys would be so large that it would make it impractical during the time period that you needed the data to be private.

For example, if you are encrypting a credit card number and exp. date you might make the call that it needs to remain private for 3 years - after which if someone could brute force crack your cipher it would be of little value to them as the number would have already expired. If you calculate that given today's most powerful computers it would take 6,000 years to break the cipher and you expect computer power to increase by 10x each year then in three years it would take something like 6 years to break the cipher leaving you well within the margin of safety.

Of course the longer you need to keep a secret and the more likely that the people who have access to very powerful computers want to know that secret the more extreme your cipher needs to be.

Finally, all of this is predicated on the ability to protect the keys for the duration of the time you want to keep your secret!

The system still relies on a trust-based infrastructure which we've seen lately is useless when the government can strong-arm corporations into providing keys and backdoors. This problem is made worse by closed-source software. Open-source security software, though not perfect, is our only hedge against theft of our private data from all parties.

It took a lot of digging around to find that this company’s head office is based in San Francisco, USA.

So right away, we can assume they will fall under the NSA's thumb. They could be forced to put code in the system that allows government spying.

Plus the fact that they use a special chip set to do the encryption means that this chip is subject to having a backdoor. It will no doubt be manufactured in China or, maybe South Korea, but in either case there are governments that will lean on the manufacturer to backdoor any encryption capabilities.

The best you can hope for is a phone that could send email and text messages, and maybe encrypted voice to similar devices, for business sensitive use cases. You would have to assume someone is listening.

Even if they hand you the source code, you can't be sure they don't upload your private key somewhere.

Oh, and Am I the only one that thinks this phone looks like it was designed by Volvo?

What good is all this encryption unless the other endpoint of your communication is using the same thing? Okay, so you can store your data securely, using this phone + their Cloud. But, your SMS, email, etc. is not much good to you unless it goes to or comes from somewhere. Is the other end going to be using this same phone??

Besides, what good is any of it if some nefarious entity, engaging in criminal activity (e.g. the NSA) can compromise the hardware the phone is built with to put in back doors which they (and anyone else) can exploit to gather your data before it's encrypted or after it's decrypted?

Unless QSa designs AND builds ALL the hardware (and software) that goes into this device, how do they even KNOW that the device isn't already compromised? And even if they do, how do we consumers KNOW that we can believe them?

Just to address your first question. Their internal suite of applications is to be used on both ends for secure communication. So yes, both parties would need to be running at minimum the same software and at worst the same hardware too.

I know. The point was, though a lot of us geeks may want this kind of thing, how many of the people we communicate with would be likely to buy one? I'm thinking not many.

The people who need this level of privacy and would, thus, buy these devices for all in their "party" to use are likely to be many of the exact same people the NSA (or others) would want to monitor. Which brings me back to my second point from earlier. Who would actually buy one of these believing that the NSA (or somebody else) hasn't forced the manufacturer of the phone or one of the suppliers of key components to build in a back door?

All it would take is to compromise the touch screen capture hardware to provide a back door for somebody to capture everything the user typed on the screen. And, of course, there are MANY more ways to compromise the device than just the touch screen input hardware.

Portions of this page are modifications based on work created and shared by the Android Open Source Project
and used according to terms described in the Creative Commons 2.5 Attribution License. AndroidCentral is an independent site
that is not affiliated with or endorsed by Google.